exploitDog

GHSA-g7m2-hjxw-27h7

Опубликовано: 28 мая 2025

Источник: github

Github: Не прошло ревью

CVSS3: 4.3

Описание

The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential, as exploited in the wild in May 2025.

The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential, as exploited in the wild in May 2025.

Ссылки

EPSS

Процентиль: 13%

0.00044

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-836

Связанные уязвимости

CVE-2025-48925

CVSS3: 4.3

nvd

9 месяцев назад

The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential.

EPSS

Процентиль: 13%

0.00044

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-836